Abstract
RFID tags travel between partner sites in a supply chain. For privacy reasons, each partner owns the tags present at his site, i.e., the owner is the only entity able to authenticate his tags. When passing tags on to the next partner in the supply chain, ownership of the old partner is transferred to the new partner. In this paper, we propose ROTIV, a protocol that allows secure ownership transfer against malicious owners. ROTIV offers as well issuer verification to prevent malicious partners from injecting fake tags not originally issued by some trusted party. As part of ownership transfer, ROTIV provides a constant-time, privacy-preserving authentication. ROTIV’s main idea is to combine an HMAC-based authentication with public key encryption to achieve constant time authentication and issuer verification. To assure privacy, ROTIV implements key update techniques and tag state re-encryption techniques, performed on the reader. ROTIV is especially designed for lightweight tags which are only required to evaluate a hash function.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Ateniese, G., Camenisch, J., de Medeiros, B.: Untraceable rfid tags via insubvertible encryption. In: CCS 2005: Proceedings of the 12th ACM Conference on Computer and Communications Security, pp. 92–101. ACM, New York (2005) ISBN 1-59593-226-7
Ateniese, G., Kirsch, J., Blanton, M.: Secret handshakes with dynamic and fuzzy matching. In: Proceedings of the Network and Distributed System Security Symposium, NDSS. The Internet Society (2007)
Ballard, L., Green, M., de Medeiros, B., Monrose, F.: Correlation-resistant storage via keyword-searchable encryption. In: Cryptology ePrint Archive, Report 2005/417 (2005), http://eprint.iacr.org/
Burmester, M., de Medeiros, B., Motta, R.: Robust, anonymous RFID authentication with constant key-lookup. In: Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security, ASIACCS 2008, pp. 283–291. ACM, New York (2008) ISBN 978-1-59593-979-1
Dimitrou, T.: rfidDOT: RFID delegation and ownership transfer made simple. In: Proceedings of International Conference on Security and Privacy in Communication Networks, Istanbul, Turkey (2008) ISBN 978-1-60558-241-2
Elkhiyaoui, K., Blass, E.-O., Molva, R.: ROTIV: RFID Ownership Transfer with Issuer Verification. In: Cryptology ePrint Archive, Report 2010/634 (2010), http://eprint.iacr.org/
Fouladgar, S., Afifi, H.: An Efficient Delegation and Transfer of Ownership Protocol for RFID Tags. In: First International EURASIP Workshop on RFID Technology, Vienna, Austria (September 2007)
Galbraith, S.D., Paterson, K.G., Smart, N.P.: Pairings for cryptographers. Discrete Appl. Math. 156, 3113–3121 (2008) ISSN 0166-218X
Juels, A., Weis, S.A.: Defining Strong Privacy for RFID. In: PerCom Workshops, White Plains, USA, pp. 342–347 (2007) ISBN 978-0-7695-2788-8
Kapoor, G., Piramuthu, S.: Single RFID Tag Ownership Transfer Protocols. IEEE Transactions on Systems, Man, and Cybernetics 99, 1–10 (2011) ISSN 1094-6977
Kulseng, L., Yu, Z., Wei, Y., Guan, Y.: Lightweight mutual authentication and ownership transfer for rfid systems. In: INFOCOM, pp. 251–255 (2010)
Lee, Y.K., Batina, L., Singelée, D., Verbauwhede, I.: Low-Cost Untraceable Authentication Protocols for RFID. In: Wetzel, S., Nita-Rotaru, C., Stajano, F.:Proceedings of the 3rd ACM Conference on Wireless Network Security – WiSec 2010, Hoboken, New Jersey, USA, pp. 55–64. ACM, ACM Press (March 2010)
Lim, C.H., Kwon, T.: Strong and Robust RFID Authentication Enabling Perfect Ownership Transfer. In: Ning, P., Qing, S., Li, N. (eds.) ICICS 2006. LNCS, vol. 4307, pp. 1–20. Springer, Heidelberg (2006)
Molnar, D., Soppera, A., Wagner, D.: A Scalable, Delegatable Pseudonym Protocol Enabling Ownership Transfer of RFID Tags. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 276–290. Springer, Heidelberg (2006)
Ohkubo, M., Suzuki, K., Kinoshita, S.: Cryptographic Approach to “Privacy-Friendly” Tags. In: RFID Privacy Workshop. MIT, Massachusetts (2003)
Paise, R., Vaudenay, S.: Mutual authentication in RFID: security and privacy. In: Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security, ASIACCS 2008, pp. 292–299. ACM, New York (2008) ISBN 978-1-59593-979-1
Saito, J., Imamoto, K., Sakurai, K.: Reassignment Scheme of an RFID Tag’s Key for Owner Transfer. In: Enokido, T., Yan, L., Xiao, B., Kim, D.Y., Dai, Y.-S., Yang, L.T. (eds.) EUC-WS 2005. LNCS, vol. 3823, pp. 1303–1312. Springer, Heidelberg (2005)
Song, B.: RFID Tag Ownership Transfer. In: Workshop on RFID Security – RFIDSec 2008, Budapest, Hungary (July 2008)
Vaudenay, S.: On Privacy Models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007) ISBN 3-540-76899-8, 978-3-540-76899-9
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Elkhiyaoui, K., Blass, EO., Molva, R. (2012). ROTIV: RFID Ownership Transfer with Issuer Verification. In: Juels, A., Paar, C. (eds) RFID. Security and Privacy. RFIDSec 2011. Lecture Notes in Computer Science, vol 7055. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25286-0_11
Download citation
DOI: https://doi.org/10.1007/978-3-642-25286-0_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-25285-3
Online ISBN: 978-3-642-25286-0
eBook Packages: Computer ScienceComputer Science (R0)